Security risks with 10Gb/s networks

A new survey shows that senior networking, operations and security professionals in telecommunications, online services, retail, manufacturing and healthcare have serious concerns about the impact that the transition to 10 gigabit-per-second networking is having on their ability to see into their networks.

The results of the Endace survey indicate that close to three-quarters of the organizations have made the transition to 10GB/s networking in at least one area of their data networks.

An additional 12 percent of the organizations plan to make the transition in the next 12 months. Slightly less than half of the respondents said their organizations have 40Gb/s and/or 100Gb/s networking on their IT roadmaps for the next three to five years.

Highlights of the survey include:

• 84 percent of respondents have concerns about their incumbent vendors’ abilities to manage 10Gb/s throughput environments.
• 47 percent of respondents believe they are missing potentially significant network events due to failing or under-performing systems.
• 78 percent of organizations recognize “strong correlation” between network security and their ability to satisfy government mandated information security requirements (compliance).
• 65 percent of organizations surveyed do not record network traffic for the purposes of forensic analysis of network events.
• 33 percent of organizations reported having experienced some kind of data loss in the last 12 months with 39 percent being unable to accurately identify what was lost.
• 42 percent of organizations admitted to having been the victim of a cyber-attack in the last 12 months, with 67 percent of those admitting to serious problems investigating the attack.

These results appear to indicate that the shift to 10Gb/s networks may result in significant network security blind spots that may expose organizations to unacceptable levels of risk. In addition, it seems likely that organizations are not asking the right questions of application vendors and run the risk of making investments that won’t scale to meet their needs within the amortization window.